North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Government scrutiny is headed our way
Now that we have gotten down to the nitty gritty here. AGAIN the main mechanism for spoofing the smurf attacks is A program call wingate, ban that code and this problem will be cut more than in half. Next there is a rumor that 8000 users have been infected with a tweaked system.exe file that makes that user a smurf amplifier unwittingly. These are things to watch for. I wish there was an easier way to break bad news. Henry Joe Shaw wrote: > On Sat, 20 Jun 1998, Henry Linneweh wrote: > > > Well DoS and smurf are only different in terms of the packet amounts and > > method to convey them, so in essence A smurf is another form of DoS on > > A larger scale. An existing law already covers that. > > How do you come up with that? A DoS attack is anything that makes a > resource on a host or network unusable. Let's remember that the whole > point of the attack is to deny service, whether it be pop3 service with a > syn flood or bandwidth with smurf, fraggle, or generic ping flood. A > smurf attack is a DoS is a DoS is a DoS. > > > If A NOC refuses to obey the law and investigate on behalf of a paying > > client that DoS has occurred than they become party to a criminal act > > after the fact and are as guilty as the originator of the attack and can > > be held accountable and their staff can arrested and you have the > > right to sue for $4000.00 as do each one of your individual > > customers. > > I've never heard a NOC say they wouldn't track it down, although I'm sure > it's happened in the past. Mostly I've heard that a NOC was incapable of > tracking it down because of router overhead. Not to mention the packets > are almost always going to be traced back to the known smurf amplifiers. > If it was easy to find people responsible for the operations of those nets > and get them on the horn we could have had the smurf problem fixed a long > time ago. I would like to see if taking one of those people into court > for being an unknowing party to the crime would be effective. > > > Sometimes you have to look at what you have and realize how > > to use it for the benefit of the whole. > > Indeed, but how many people want to invest the time and money involved in > prosecuting a smurf attack? Has anyone successfully done it yet? > > > As for smurfs crossing international borders where such attacks generally > > occur from, A group representation to the FCC needs to be formed and > > the FCC needs then to communicate with its counterpart on the foreign > > soil using existing treaties that would make that a violation of non > > aggression > > pacts and interference in a foreign government and denial of its citizens to > > communicate pursuant to their constitution the right of free speech. > > > > In A technical sense smurfs from foreign shores are an act of war on > > networks of the United States by the purposeful intent to disrupt > > destroy and cripple its computer network infrastructure with A > > Smurfing mechanism. > > > > Henry R. Linneweh > > What needs to happen is things like IPSec, ISAKMP, and Oakley become prime > time so authenticating packets becomes a trivial issue. However, the U.S. > Crypto Nazis make it impossible for it to be developed in this country > because if it is, then it cannot be exported to other countries unless in > a weakened state. I don't claim to be a crypto person, but when you think > about how the game is played, getting to the real root of the problem may > not be an answer you like. I'm as patriotic as the next guy [you can read > that however you like], but for crypto authentication solutions to work > our government needs to get their hands out of it. > > Joe Shaw - [email protected] > NetAdmin - Insync Internet Services -- ��4i1�
|